What is the severity of CVE-2025-30065?

CVE-2025-30065 has been identified with a critical severity due to the potential for arbitrary code execution.

How do I fix CVE-2025-30065?

To fix CVE-2025-30065, upgrade to Apache Parquet version 1.15.1 or later.

Which versions of Apache Parquet are affected by CVE-2025-30065?

Apache Parquet versions 1.15.0 and earlier are affected by CVE-2025-30065.

What specific vulnerability does CVE-2025-30065 address?

CVE-2025-30065 addresses a schema parsing vulnerability in the parquet-avro module.

What could happen if I don't address CVE-2025-30065?

Failure to address CVE-2025-30065 could allow attackers to execute arbitrary code on your system.

Vulnerability/
CVE-2025-30065

critical

CWE

502

EPSS

0.086%

1/4/2025

CVE-2025-30065: Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata

First published: Tue Apr 01 2025(Updated: )

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrade to version 1.15.1, which fixes the issue.

Credit: security@apache.org

Affected Software	Affected Version	How to fix
Apache Parquet	<1.15.0
maven/org.apache.parquet:parquet-avro	<1.15.1	1.15.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-30065?
CVE-2025-30065 has been identified with a critical severity due to the potential for arbitrary code execution.
How do I fix CVE-2025-30065?
To fix CVE-2025-30065, upgrade to Apache Parquet version 1.15.1 or later.
Which versions of Apache Parquet are affected by CVE-2025-30065?
Apache Parquet versions 1.15.0 and earlier are affected by CVE-2025-30065.
What specific vulnerability does CVE-2025-30065 address?
CVE-2025-30065 addresses a schema parsing vulnerability in the parquet-avro module.
What could happen if I don't address CVE-2025-30065?
Failure to address CVE-2025-30065 could allow attackers to execute arbitrary code on your system.

collector/oss-sec
source/oss-sec
alias/CVE-2025-30065
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/weakness
agent/title
agent/type
agent/description
agent/guess-ai
agent/software-canonical-lookup
collector/nvd-api
source/NVD
agent/author
agent/severity
collector/github-advisory-latest
source/GitHub
alias/GHSA-2c59-37c4-qrx5
agent/last-modified-date
agent/references
agent/softwarecombine
agent/trending
agent/event
collector/nvd-cve
collector/epss-latest
source/FIRST
agent/source
agent/tags
agent/epss
vendor/apache
canonical/apache parquet
package-manager/maven

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.